PT-2018-17762 · Vobot · Vobot Clock

Thomas Roth

Published

2018-02-09

Updated

2019-10-03

CVE-2018-6826

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VOBOT CLOCK versions prior to 0.99.30

Description An issue allows man-in-the-middle attackers to execute arbitrary code by exploiting the use of cleartext HTTP to download a breakout program. This can be achieved by watching for a local user to launch the Breakout Easter Egg feature and then sending a crafted HTTP response.

Recommendations For versions prior to 0.99.30, update to version 0.99.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the Breakout Easter Egg feature until the update is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-6826

Affected Products

Vobot Clock

PT-2018-17762 · Vobot · Vobot Clock

CVE-2018-6826

Related Identifiers

Affected Products

References · 3